
Saturday, 11 July 2020

Local File Inclusion Vulnerabilities OR Directory traversal attack


  • With a directory traversal vulnerability, an attacker can easily download system files.
  • Address: https://www.example.com/example/download.jsp?fileName=../../../../etc/passwd
  • Requesting this link downloads the /etc/passwd file.
  • To restrict such downloads, add the lines below inside the <VirtualHost *:443> or <VirtualHost *:80> block.



File Name : httpd.conf & ssl.conf

*************************************************************
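# mod_rewrite must be loaded for the rules below to take effect
LoadModule rewrite_module modules/mod_rewrite.so

RewriteEngine on
# Match any raw request line containing "/." (such as the /../ in the example URL above)
RewriteCond %{THE_REQUEST} ^.*/\.
# Serve nothing and answer 404 Not Found
RewriteRule ^(.*)$ - [R=404]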

*************************************************************
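
The rewrite rule above filters request lines in front of the application; the handler behind download.jsp should also confine the fileName value itself. The following is an added example, not code from this post, of that check in Java. The class name SafeDownload, the method resolveDownload and the temporary download directory are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

/** Added example: resolves a user-supplied fileName strictly inside one download directory. */
public class SafeDownload {

    /** Returns the real path of the requested file, or throws if it would leave baseDir. */
    static Path resolveDownload(Path baseDir, String fileName) throws IOException {
        if (fileName == null || fileName.isEmpty() || fileName.indexOf('\0') >= 0) {
            throw new SecurityException("invalid file name");
        }
        Path base = baseDir.toRealPath();                    // canonical base, symlinks resolved
        Path candidate;
        try {
            candidate = base.resolve(fileName).normalize();  // collapses "." and ".." segments
        } catch (InvalidPathException e) {
            throw new SecurityException("invalid file name");
        }
        if (!candidate.startsWith(base)) {                   // lexical check before touching the file
            throw new SecurityException("path escapes download directory");
        }
        Path real = candidate.toRealPath();                  // follows symlinks; throws if missing
        if (!real.startsWith(base) || !Files.isRegularFile(real)) {
            throw new SecurityException("path escapes download directory");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data: a temporary download directory holding one file.
        Path base = Files.createTempDirectory("downloads");
        Files.write(base.resolve("report.pdf"), new byte[] {1, 2, 3});

        System.out.println("allowed: " + resolveDownload(base, "report.pdf"));
        // The value from the example URL above, plus an absolute path.
        for (String name : new String[] {"../../../../etc/passwd", "/etc/passwd"}) {
            try {
                resolveDownload(base, name);
                System.out.println("UNEXPECTED allow: " + name);
            } catch (SecurityException e) {
                System.out.println("blocked: " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The second startsWith check runs on the real path, so a symbolic link inside the download directory that points elsewhere is rejected as well.
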


Thanks 😊
